Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of “Verify, then trust”. Yet, here we are building an entire stack of Zero Trust enabled technologies, upon a broken implicit-trust foundation. Nowhere is this risk more apparent, than at the device and firmware level. Indeed this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics, with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victim’s downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has quite frankly, become the hen house.
This segment is sponsored by Eclypsuim.
Visit https://securityweekly.com/eclypsium to learn more about them!
Data privacy and Web security teams are converging across enterprises and we are seeing more Privacy use cases like cookie banner consent and limiting data sharing (vendors like Facebook, Google etc. are capturing sensitive user data, accessing cameras, microphones, geolocation etc.) via security policies, under the security teams purview.
At Tala we offer a Privacy scan that gives enterprises a full view of which vendors have access to sensitive data and how this data is being shared. This in turn helps set the right security controls in place.
This segment is sponsored by Tala Security.Full Episode Show Notes
Deepika Gajaria - VP of Product at Tala Security
Deepika is responsible for product strategy and delivery at Tala. Working closely with our customers, she drives product direction and shapes the product roadmap to address their core needs. Prior to Tala, Deepika was part of Cisco Jasper where she led the launch of IoT smart city applications. Her career in Product Management began at EMC, in the New Product Introduction team, working on key initiatives across the Storage and the Data Protection divisions. Deepika has held diverse roles in her career: her first job out of school was in Research and Development of high voltage particle accelerator technology used in cancer therapy machines.
Scott Scheferman - Principal Strategist at Eclypsium
Scott, aka "Shagghie" in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.
Matt Alderman - Executive Director at CyberRisk Alliance
Strategic Advisor at Automox, security consultant, and wizard of entrepreneurship.
Paul Asadoorian - Founder at Security Weekly
Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.